Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-03 | CVE-2023-26152 | Path Traversal vulnerability in Nbluis Static-Server: All versions of the package static-server are vulnerable to Directory Traversal due to improper input sanitization passed via the validPath function of server.js. | 7.5 |
2023-10-03 | CVE-2023-43627 | Path Traversal vulnerability in Furunosystems Acera 1310 Firmware and Acera 1320 Firmware: Path traversal vulnerability in ACERA 1320 firmware ver.01.26 and earlier, and ACERA 1310 firmware ver.01.26 and earlier allows a network-adjacent authenticated attacker to alter critical information such as system files by sending a specially crafted request. | 5.7 |
2023-09-28 | CVE-2023-43044 | Path Traversal vulnerability in IBM License Metric Tool: IBM License Metric Tool 9.2 could allow a remote attacker to traverse directories on the system. | 7.5 |
2023-09-27 | CVE-2023-40532 | Path Traversal vulnerability in Collne Welcart: Path traversal vulnerability in Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with author or higher privilege to obtain partial information of the files on the web server. | 4.3 |
2023-09-27 | CVE-2023-42657 | Path Traversal vulnerability in Progress WS FTP Server: In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a directory traversal vulnerability was discovered. An attacker could leverage this vulnerability to perform file operations (delete, rename, rmdir, mkdir) on files and folders outside of their authorized WS_FTP folder path. Attackers could also escape the context of the WS_FTP Server file structure and perform the same level of operations (delete, rename, rmdir, mkdir) on file and folder locations on the underlying operating system. | 9.6 |
2023-09-27 | CVE-2023-43825 | Path Traversal vulnerability in Ekakin Shihonkanri Plus 9.0.3: Relative path traversal vulnerability in Shihonkanri Plus Ver9.0.3 and earlier allows a local attacker to execute arbitrary code by having a legitimate user import a specially crafted backup file of the product. | 7.8 |
2023-09-27 | CVE-2023-2315 | Path Traversal vulnerability in Opencart: Path Traversal in OpenCart versions 4.0.0.0 to 4.0.2.2 allows an authenticated user with access/modify privilege on the Log component to empty out arbitrary files on the server. | 8.8 |
2023-09-25 | CVE-2023-43382 | Path Traversal vulnerability in Iteachyou Dreamer CMS 4.1.3: Directory Traversal vulnerability in itechyou dreamer CMS v.4.1.3 allows a remote attacker to execute arbitrary code via the themePath in the uploaded template function. | 8.8 |
2023-09-25 | CVE-2023-43256 | Path Traversal vulnerability in Gladysassistant Gladys Assistant: A path traversal in Gladys Assistant v4.26.1 and below allows authenticated attackers to extract sensitive files in the host machine by exploiting a non-sanitized user input. | 6.5 |
2023-09-25 | CVE-2023-39407 | Path Traversal vulnerability in Huawei Harmonyos 2.0.0: The Watchkit has a risk of unauthorized file access. Successful exploitation of this vulnerability may affect confidentiality and integrity. | 9.1 |